Equipment: the Windows Server installed in Week 11.
(3h) Initial audit: list all installed roles and features, identify those not needed for the test server's role, cleanly uninstall them.
(3h) Configuring the Windows Firewall: check the active profile, create a rule allowing a specific inbound port, create a rule blocking an unused port, test both rules.
(3h) Update management: check available updates, apply critical security updates, verify the result and restart if needed.
(2h) Post-hardening audit: compare the initial and final states (services, ports, updates), document the changes made and their justification.
(2h) Linux/Windows comparison: a summary table cross-referencing hardening actions performed on both systems — to anchor the conceptual consistency between the two environments.
Expected comparison table: SSH Linux ↔ RDP/WinRM Windows (secure remote access), iptables/nftables Linux ↔ Windows Defender Firewall (network filtering), apt/dnf Linux ↔ Windows Update (updates), journalctl Linux ↔ Event Viewer Windows (logs) — the logic is identical in both cases.
◆ SUMMARY SHEET — WEEK 15 SELF-ASSESSMENT
1. I can explain the principle of least privilege.
2. I can configure SSH with key authentication and disable passwords.
3. I can configure a local Linux firewall with a default deny policy.
4. I can create inbound and outbound Windows Firewall rules.
5. I can audit active services and listening ports on a server.
6. I can apply security updates on both Linux and Windows.
7. I can document the changes made during a hardening exercise.
8. I can draw the parallel between Linux and Windows hardening actions.